# Unsafe Deserialization

- ID: python-unsafe-deserialization
- Severity: CRITICAL
- CWE: Deserialization of Untrusted Data (CWE-502)
- Languages: Python
- Frameworks: django, flask, fastapi

## Description

Detects untrusted user input (request bodies, query parameters, cookies, uploaded files) being deserialized with a loader that can construct arbitrary Python objects, such as `pickle.loads()` or `yaml.load()` with anything other than `SafeLoader`. Both formats let the document itself name a callable to invoke while loading, so an attacker who controls the bytes gets code execution in the process that deserializes them.

## Remediation

Use `json.loads()` or `yaml.safe_load()` instead of pickle. JSON and safe-loaded YAML can only produce plain data (dicts, lists, strings, numbers, booleans, None), so validate the shape of the result explicitly rather than trusting the document, and handle the `ValueError` that malformed input raises.

```python
import json

# json.loads only builds plain data types; it never imports or calls anything
# named in the input. Malformed input raises json.JSONDecodeError (a ValueError).
obj = json.loads(user_data)
```

For YAML, `yaml.safe_load(data)` is equivalent to `yaml.load(data, Loader=yaml.SafeLoader)`; treat every other loader as unsafe for untrusted input. If pickle cannot be removed (for example, data produced by your own process), restrict what the unpickler may resolve via `pickle.Unpickler.find_class` and authenticate the bytes before loading them; this limits the damage but does not make pickle a safe format for untrusted data.

Learn more: https://shoulder.dev/learn/python/cwe-502/unsafe-deserialization

## Related Rules

- **Insecure Deserialization** [HIGH]
- **LLM Training Data Poisoning** [HIGH]
- **Unsafe Deserialization** [CRITICAL]
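The following is an added, self-contained example that is not part of the original rule page. It shows the vulnerable pattern the rule flags (`pickle.loads` on attacker-controlled bytes) next to the two remediations described above: loading JSON and validating its shape, and, where pickle cannot be removed, an allow-listing unpickler built on the standard `find_class` hook. The gadget, the payload and the profile schema are constructed for the demo; the payload calls `eval` on a harmless expression in place of the `os.system` a real attacker would use.

```python
"""Unsafe pickle deserialization beside hardened alternatives (constructed demo)."""
import io
import json
import os
import pickle


class Gadget:
    """Any object whose __reduce__ names a callable makes pickle.loads call it.
    A real payload would return (os.system, ("id",)); this one evaluates a
    harmless expression so the demo proves execution without side effects."""

    def __reduce__(self):
        return (eval, ("__import__('os').getcwd()",))


def build_malicious_pickle():
    """What an attacker sends: the class itself is not in the bytes, only the
    instruction to call builtins.eval with the attacker's string."""
    return pickle.dumps(Gadget())


def load_unsafe(data):
    """VULNERABLE (the pattern this rule flags): pickle.loads on untrusted bytes.
    Returns whatever the attacker-chosen callable returned."""
    return pickle.loads(data)


# --- Remediation 1: data-only format plus explicit shape validation ----------

def load_json_profile(data):
    """json.loads yields only dict/list/str/int/float/bool/None, never callables.
    The expected shape (a hypothetical {"name": str, "age": int}) is checked
    explicitly; bool is excluded because it subclasses int."""
    obj = json.loads(data)  # raises json.JSONDecodeError (a ValueError) on junk
    if not isinstance(obj, dict):
        raise ValueError("expected a JSON object")
    name, age = obj.get("name"), obj.get("age")
    if not isinstance(name, str):
        raise ValueError("name must be a string")
    if not isinstance(age, int) or isinstance(age, bool) or age < 0:
        raise ValueError("age must be a non-negative integer")
    return {"name": name, "age": age}


# --- Remediation 2 (damage limitation only): allow-list what pickle may resolve

class RestrictedUnpickler(pickle.Unpickler):
    """find_class is the documented hook through which every GLOBAL/STACK_GLOBAL
    reference in a pickle is resolved. Anything not on the allow-list is refused,
    so the payload's builtins.eval never gets looked up. The allow-list here is
    a hypothetical one for this demo."""
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_restricted(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(loader, data):
    """True if the loader refuses the input instead of deserializing it."""
    try:
        loader(data)
    except (ValueError, pickle.UnpicklingError):
        return True
    return False


def demo():
    """Runs the payload through all three paths and reports what happened."""
    payload = build_malicious_pickle()
    return {
        # the unsafe path executed attacker-chosen code and returned its result
        "unsafe_ran_code": load_unsafe(payload) == os.getcwd(),
        # JSON loads plain data and the schema check accepts a well-formed profile
        "json_profile": load_json_profile(b'{"name": "alice", "age": 30}'),
        # ...but rejects a type-confused one (true is not an acceptable int)
        "json_rejects_bool_age": rejects(load_json_profile, b'{"name": "x", "age": true}'),
        # the restricted unpickler refuses the payload before eval is resolved
        "restricted_blocked": rejects(load_restricted, payload),
        # and still loads a plain-data pickle that references no globals
        "restricted_benign": load_restricted(pickle.dumps({"tags": ["a", "b"]})),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

`load_unsafe` returning the working directory is the whole point: the bytes decided which function ran, and only the choice of `eval` on a benign expression kept it harmless. The restricted unpickler stops this particular payload, but it is a last resort for pickles you generated yourself; for anything that crosses a trust boundary, the JSON path is the fix.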